I. Amendments to the Claims

Please amend the claims as follows with the following 
version of the claims in accordance with revised 37 CFR § 1.121. 

1. (Amended) A method for authenticating a client within a
distributed data processing system, the method comprising the
steps of:

receiving a digital certificate from the client at a host
within the distributed data processing system;

obtaining a host identity for the client from the digital
certificate, wherein the host identity for the client identifies
the client to the host, and wherein the host is not a certifying
authority that issued the digital certificate;

retrieving host-encrypted host-decryptable secret data
associated with the host identity from the digital certificate;

decrypting the host-encrypted host-decryptable secret data
with a host private key to generate secret data; and

authenticating the client at the host using the host
identity and the decrypted secret data.

2. (Original) The method of claim 1, wherein the host acts
as a proxy for the client.

3. (Original) The method of claim 1 further comprising:

verifying the received digital certificate.

4. (Original) The method of claim 1 further comprising:

generating, at the client, a request for a digital
certificate comprising host identity mapping data;

sending the request for the digital certificate to a
certifying authority (CA); and

receiving a digital certificate comprising host identity
mapping data from the certifying authority.

5. (Amended) The method of claim 4 further comprising:

storing the host identity in the request for the digital
certificate;

encrypting secret data associated with the host identity
using a public key of the certifying authority to generate
CA-encrypted CA-decryptable secret data; and

storing the CA-encrypted CA-decryptable secret data in the
request for the digital certificate, wherein the host identity
and the CA-encrypted CA-decryptable secret data comprise the host
identity mapping data in the request for the digital certificate.

6. (Original) The method of claim 4 further comprising:

receiving, at the certifying authority, the request for a
digital certificate;

generating the digital certificate in response to the
received request for the digital certificate; and

sending the generated digital certificate to the client.

7. (Amended) The method of claim 4 further comprising:

retrieving CA-encrypted CA-decryptable secret data from the
host identity mapping data in the request for the digital
certificate;

decrypting the CA-encrypted CA-decryptable secret data
associated with the host identity using a private key of the
certifying authority to generate decrypted secret data;

encrypting the decrypted secret data associated with the
host identity using a public key of the host to generate the
host-encrypted host-decryptable secret data; and

storing the host-encrypted host-decryptable secret data in
the digital certificate, wherein the host identity and the
host-encrypted host-decryptable secret data comprise the host
identity mapping data in the digital certificate.

8. (Original) The method of claim 1 wherein the digital
certificate comprises multiple host identities for multiple hosts
within the distributed data processing system.

9. (Original) The method of claim 1 wherein the digital
certificate is formatted according to the X.509 standard.

10. (Amended) The method of claim 9 wherein the host
identity and the host-encrypted host-decryptable secret data
associated with the host identity is stored within an X.509
extension within the digital certificate.

11. (Original) The method of claim 1 further comprising:

performing multiple authentication processes within the
distributed data processing system for the client through the
host using information within the digital certificate.

12. (Amended) A method for generating a digital
certificate, the method comprising the steps of:

receiving, at a certifying authority (CA), a request for a
digital certificate from a client, wherein the request for a
digital certificate comprises host identity mapping data, wherein
a host identity for the client within the host identity mapping
data identifies the client to a host, and wherein the host is not
the certifying authority;

generating the digital certificate in response to the
received request for a digital certificate; and

sending the generated digital certificate to the client,
wherein the digital certificate comprises host identity mapping
data from the certifying authority.

13. (Amended) The method of claim 12 further comprising:

retrieving CA-encrypted CA-decryptable secret data from the
host identity mapping data in the request for a digital
certificate;

decrypting the CA-encrypted CA-decryptable secret data
associated with a host identity using a private key of the
certifying authority to generate decrypted secret data;

encrypting the decrypted secret data associated with the
host identity using a public key of a host to generate a
host-encrypted host-decryptable secret data; and

storing the host-encrypted host-decryptable secret data in
the digital certificate, wherein the host identity and the
host-encrypted host-decryptable secret data comprise the host
identity mapping data in the digital certificate.

14. (Amended) An apparatus for authenticating a client
within a distributed data processing system, the apparatus
comprising:

first receiving means for receiving a digital certificate
from the client at a host within the distributed data processing
system;

obtaining means for obtaining a host identity for the client
from the digital certificate, wherein the host identity for the
client identifies the client to the host, and wherein the host is
not a certifying authority that issued the digital certificate;

first retrieving means for retrieving host-encrypted
host-decryptable secret data associated with the host identity
from the digital certificate;

first decrypting means for decrypting the host-encrypted
host-decryptable secret data with a host private key to generate
secret data; and

authenticating means for authenticating the client at the
host using the host identity and the decrypted secret data.

15. (Original) The apparatus of claim 14, wherein the host
acts as a proxy for the client.




Benantar et al. - 09/667,090



16. (Original) The apparatus of claim 14 further comprising:

verifying means for verifying the received digital
certificate.

17. (Original) The apparatus of claim 14 further comprising:

first generating means for generating, at the client, a
request for a digital certificate comprising host identity
mapping data;

first sending means for sending the request for the digital
certificate to a certifying authority (CA); and

second receiving means for receiving a digital certificate
comprising host identity mapping data from the certifying
authority.

18. (Amended) The apparatus of claim 17 further comprising:

first storing means for storing the host identity in the
request for the digital certificate;

first encrypting means for encrypting secret data associated
with the host identity using a public key of the certifying
authority to generate CA-encrypted CA-decryptable secret data;
and

second storing means for storing the CA-encrypted
CA-decryptable secret data in the request for the digital
certificate, wherein the host identity and the CA-encrypted
CA-decryptable secret data comprise the host identity mapping
data in the request for the digital certificate.

19. (Original) The apparatus of claim 17 further comprising:

third receiving means for receiving, at the certifying
authority, the request for a digital certificate;

second generating means for generating the digital
certificate in response to the received request for the digital
certificate; and

second sending means for sending the generated digital
certificate to the client.

20. (Amended) The apparatus of claim 17 further comprising:

second retrieving means for retrieving CA-encrypted
CA-decryptable secret data from the host identity mapping data in
the request for the digital certificate;

second decrypting means for decrypting the CA-encrypted
CA-decryptable secret data associated with the host identity
using a private key of the certifying authority to generate
decrypted secret data;

second encrypting means for encrypting the decrypted secret
data associated with the host identity using a public key of the
host to generate the host-encrypted host-decryptable secret data;
and

third storing means for storing the host-encrypted
host-decryptable secret data in the digital certificate, wherein
the host identity and the host-encrypted host-decryptable secret
data comprise the host identity mapping data in the digital
certificate.

21. (Original) The apparatus of claim 14 wherein the digital
certificate comprises multiple host identities for multiple hosts
within the distributed data processing system.

22. (Original) The apparatus of claim 14 wherein the digital
certificate is formatted according to the X.509 standard.

23. (Amended) The apparatus of claim 22 wherein the host
identity and the host-encrypted host-decryptable secret data
associated with the host identity is stored within an X.509
extension within the digital certificate.

24. (Original) The apparatus of claim 14 further comprising:

performing means for performing multiple authentication
processes within the distributed data processing system for the
client through the host using information within the digital
certificate.

25. (Amended) An apparatus for generating a digital
certificate, the apparatus comprising:

receiving means for receiving, at a certifying authority
(CA), a request for a digital certificate from a client, wherein
the request for a digital certificate comprises host identity
mapping data, wherein a host identity for the client within the
host identity mapping data identifies the client to a host, and
wherein the host is not the certifying authority;

generating means for generating the digital certificate in
response to the received request for a digital certificate; and

sending means for sending the generated digital certificate
to the client, wherein the digital certificate comprises host
identity mapping data from the certifying authority.

26. (Amended) The apparatus of claim 25 further comprising:

retrieving means for retrieving CA-encrypted CA-decryptable
secret data from the host identity mapping data in the request
for a digital certificate;

decrypting means for decrypting the CA-encrypted
CA-decryptable secret data associated with a host identity using
a private key of the certifying authority to generate decrypted
secret data;

encrypting means for encrypting the decrypted secret data
associated with the host identity using a public key of a host to
generate a host-encrypted host-decryptable secret data; and

storing means for storing the host-encrypted
host-decryptable secret data in the digital certificate, wherein
the host identity and the host-encrypted host-decryptable secret
data comprise the host identity mapping data in the digital
certificate.

27. (Amended) A computer program product on a computer
readable medium for use in a distributed data processing system
for authenticating a client, the computer program product
comprising:

instructions for receiving a digital certificate from the
client at a host within the distributed data processing system;

instructions for obtaining a host identity for the client
from the digital certificate, wherein the host identity for the
client identifies the client to the host, and wherein the host is
not a certifying authority that issued the digital certificate;

instructions for retrieving host-encrypted host-decryptable
secret data associated with the host identity from the digital
certificate;

instructions for decrypting the host-encrypted
host-decryptable secret data with a host private key to generate
secret data; and

instructions for authenticating the client at the host using
the host identity and the decrypted secret data.

28. (Original) The computer program product of claim 27,
wherein the host acts as a proxy for the client.

29. (Original) The computer program product of claim 27
further comprising:

instructions for verifying the received digital certificate.

30. (Original) The computer program product of claim 27
further comprising:

instructions for generating, at the client, a request for a
digital certificate comprising host identity mapping data;

instructions for sending the request for the digital
certificate to a certifying authority (CA); and

instructions for receiving a digital certificate comprising
host identity mapping data from the certifying authority.

31. (Amended) The computer program product of claim 30
further comprising:

instructions for storing the host identity in the request
for the digital certificate;

instructions for encrypting secret data associated with the
host identity using a public key of the certifying authority to
generate CA-encrypted CA-decryptable secret data; and

instructions for storing the CA-encrypted CA-decryptable
secret data in the request for the digital certificate, wherein
the host identity and the CA-encrypted CA-decryptable secret data
comprise the host identity mapping data in the request for the
digital certificate.

32. (Original) The computer program product of claim 30
further comprising:

instructions for receiving, at the certifying authority, the
request for a digital certificate;

instructions for generating the digital certificate in
response to the received request for the digital certificate; and

instructions for sending the generated digital certificate
to the client.

33. (Amended) The computer program product of claim 30
further comprising:

instructions for retrieving CA-encrypted CA-decryptable
secret data from the host identity mapping data in the request
for the digital certificate;

instructions for decrypting the CA-encrypted CA-decryptable
secret data associated with the host identity using a private key
of the certifying authority to generate decrypted secret data;

instructions for encrypting the decrypted secret data
associated with the host identity using a public key of the host
to generate the host-encrypted host-decryptable secret data; and

instructions for storing the host-encrypted host-decryptable
secret data in the digital certificate, wherein the host identity
and the host-encrypted host-decryptable secret data comprise the
host identity mapping data in the digital certificate.

34. (Original) The computer program product of claim 27
wherein the digital certificate comprises multiple host
identities for multiple hosts within the distributed data
processing system.

35. (Original) The computer program product of claim 27
wherein the digital certificate is formatted according to the
X.509 standard.

36. (Amended) The computer program product of claim 35
wherein the host identity and the host-encrypted host-decryptable
secret data associated with the host identity is stored within an
X.509 extension within the digital certificate.

37. (Original) The computer program product of claim 27
further comprising:

instructions for performing multiple authentication
processes within the distributed data processing system for the
client through the host using information within the digital
certificate.

38. (Amended) A computer program product on a computer
readable medium for use in a distributed data processing system
for generating a digital certificate, the computer program
product comprising:

instructions for receiving, at a certifying authority (CA),
a request for a digital certificate from a client, wherein the
request for a digital certificate comprises host identity mapping
data, wherein a host identity for the client within the host
identity mapping data identifies the client to a host, and
wherein the host is not the certifying authority;

instructions for generating the digital certificate in
response to the received request for a digital certificate; and

instructions for sending the generated digital certificate
to the client, wherein the digital certificate comprises host
identity mapping data from the certifying authority.

39. (Amended) The computer program product of claim 38
further comprising:

instructions for retrieving CA-encrypted CA-decryptable
secret data from the host identity mapping data in the request
for a digital certificate;

instructions for decrypting the CA-encrypted CA-decryptable
secret data associated with a host identity using a private key
of the certifying authority to generate decrypted secret data;

instructions for encrypting the decrypted secret data
associated with the host identity using a public key of a host to
generate a host-encrypted host-decryptable secret data; and

instructions for storing the host-encrypted host-decryptable
secret data in the digital certificate, wherein the host identity
and the host-encrypted host-decryptable secret data comprise the
host identity mapping data in the digital certificate.

40. (Amended) A data structure representing a digital
certificate for use in a data processing system, the data
structure comprising:

an issuer name;

a signature;

a subject name; and

an extension, wherein the extension comprises a host
identity and host-encrypted host-decryptable secret data
associated with the host identity, wherein the host identity
identifies a client to a host, wherein the host is not a
certifying authority that issued the digital certificate, and
wherein the host-decryptable secret data is used by the host to
authenticate the client.
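
The flow recited in claims 1, 3, 5, 7, 10 and 40, as an added example that is not part of the filing: the client wraps its secret for the CA, the CA re-wraps it for the host inside an X.509 extension, and the host verifies, unwraps and checks it. Assumptions: the Python `cryptography` package, RSA-OAEP, the extension OID, the payload layout, the dictionary request format and the host's `accounts` table are all hypothetical choices.

```python
import datetime
import hmac
from cryptography import x509
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import padding, rsa
from cryptography.x509.oid import NameOID

# Hypothetical OID for the host identity mapping extension (assumption).
MAPPING_OID = x509.ObjectIdentifier("1.3.6.1.4.1.99999.1")
OAEP = padding.OAEP(mgf=padding.MGF1(hashes.SHA256()),
                    algorithm=hashes.SHA256(), label=None)

def new_key():
    return rsa.generate_private_key(public_exponent=65537, key_size=2048)

def name(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])

def client_request(host_id, secret, ca_pub):
    # Claim 5: host identity plus secret data encrypted under the CA public key.
    return {"host_id": host_id, "ca_blob": ca_pub.encrypt(secret, OAEP)}

def ca_issue(request, ca_key, host_pub, client_pub):
    # Claim 7: decrypt with the CA private key, re-encrypt under the host public key.
    secret = ca_key.decrypt(request["ca_blob"], OAEP)
    ident = request["host_id"].encode()
    # Constructed layout: 2-byte identity length, identity, host ciphertext.
    payload = len(ident).to_bytes(2, "big") + ident + host_pub.encrypt(secret, OAEP)
    now = datetime.datetime.now(datetime.timezone.utc)
    return (x509.CertificateBuilder()
            .subject_name(name("example client")).issuer_name(name("example CA"))
            .public_key(client_pub).serial_number(x509.random_serial_number())
            .not_valid_before(now - datetime.timedelta(minutes=5))
            .not_valid_after(now + datetime.timedelta(days=1))
            .add_extension(x509.UnrecognizedExtension(MAPPING_OID, payload),
                           critical=False)
            .sign(ca_key, hashes.SHA256()))

def host_authenticate(cert, ca_pub, host_key, accounts):
    # Claim 3: verify the CA signature (raises InvalidSignature if tampered).
    ca_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                  padding.PKCS1v15(), cert.signature_hash_algorithm)
    payload = cert.extensions.get_extension_for_oid(MAPPING_OID).value.value
    n = int.from_bytes(payload[:2], "big")
    host_id, blob = payload[2:2 + n].decode(), payload[2 + n:]
    try:
        secret = host_key.decrypt(blob, OAEP)  # claim 1: host private key
    except ValueError:
        return None  # extension was not encrypted for this host
    expected = accounts.get(host_id)
    if expected is not None and hmac.compare_digest(secret, expected):
        return host_id
    return None

if __name__ == "__main__":
    ca, host, client = new_key(), new_key(), new_key()
    req = client_request("alice01", b"constructed-secret", ca.public_key())
    cert = ca_issue(req, ca, host.public_key(), client.public_key())
    print(host_authenticate(cert, ca.public_key(), host,
                            {"alice01": b"constructed-secret"}))
```

The sketch checks only the certificate's signature and extension contents; validity-period checks and proof that the presenter holds the certificate's private key are assumed to happen elsewhere.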